A Server-side Template Injection vulnerability in CrushFTP allows unauthenticated remote attackers to leak server variables values and read arbitrary files in the operating system. This allows authentication bypass of currently logged in users via leak of session tokens by sessions.obj file or log files reading. If the leaked session token is from a CrushFTP administrator user then remote code execution is possible via arbitrary class instantiation vulnerability on the admin panel (dynamic SQL driver loading).
CVE Link
Product Name